Re: jaqadss (just another quick and dirty shared script): intruders

Originally Posted by trellis

iptables -P INPUT DROP + selective allow anyone?

That doesn't auto-audit them back.

Any paranoid should be able to point out that there is a bit of an issue with counter-scanning someone that shows up on the network, so you have to be careful, but other than that I only have one inquiry:

Code:

echo "aikido dirty script by prowl3r for those bt4f paranoids"

Still not underestimating the power...

There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

Re: jaqadss (just another quick and dirty shared script): intruders

Originally Posted by roybatty

C'mon Gitsnik, that's an easy one. Nice to see ya here.

Some things need to be looked into just to be certain

(BTW, I do know your eyes hurt after reading the script)

It's actually not that bad (well, I didn't gag :P), I might have gone a different way with some structure and flow ideas, and I'm more of a non-interactive kind of analyst (I would have forked the 4 counter-measure options and done them all at once, tcpdump first in case one wants to analyse the packets later on). But other than that, it looks great and I look forward to actually trying it out rather than pulling it apart and checking the man pages on commands I don't know.

Still not underestimating the power...

There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.